Debating email privacy concerns and spam

As is often the case, many of you had opinions about last month's commentary about email privacy ( "Privacy Policies Dissolve During Tough Economic Times," http://www.winnetmag.com/articles/index.cfm?articleid=24647 ). Thanks to those who shared their thoughts—and thanks in particular for the generally positive nature of those thoughts. This month, let's consider suggestions that won't abridge the freedoms of spammers, but also won't leave Internet mail as fouled as it is now.

I don't like spam (also known as unsolicited commercial email—UCE), and certainly I'm not unique in that dislike. But what, specifically, is objectionable about spam, and are any of those objectionable aspects potential legal defenses against spam?

One of the most irritating aspects of spam is the spammer's demonstration of contempt for customers. For example, most spammers use fake return addresses, apparently feeling that using my email address to communicate with me is fine, but receiving return email isn't. This paradox puzzles me: Why would I (or anyone) do business with a company so shady that it fears email? If the product or the product's marketing is so objectionable that the marketers are afraid we might actually send an email response, how can they expect to stay in business? Perhaps I'm missing something about spam—you see, I've never bought anything as a result of an unsolicited email. Assuming that the rest of the world is not that different from me, I wonder how these spammers can continue doing business.

Does a legal hook exist on which to hang a complaint against a fake-return-address spammer? Certainly, offering a false name while acting as an agent for an organization might be considered deceptive and perhaps fraudulent. Most US email crosses state lines, so perhaps a mail-fraud potential exists. I admit that although I usually take the side of privacy, I don't think that people have the right to contact me anonymously. I don't answer telephone calls from people who block their caller ID, and I'd like the option to automatically delete emails that use the technological equivalent.

I'm not a true SMTP techie, so I don't know whether the following solution is possible, but I'd like to see someone create an option whereby my email server could verify with the originating mail server that this email from "joe@acme.com" is, indeed, from an account "joe" on a machine at the acme.com domain and was sent by an acme.com mail server; if not, my email server would delete the mail. Of course, that option would introduce some extra concerns for those who administer mail servers, and traveling professionals who often must use whatever SMTP server is nearby to send their mail would have to find a workaround. But I think such a feature would be so popular that it would soon be available with every mail server. Digital signatures are one way to verify a sender, and although few people currently use them, they might be the long-term answer; perhaps in a few years, I'll be able to configure my mail server to automatically delete messages that don't have a digital signature.

Message subject lines such as "In reply to your request," or "Re: the information you requested," also show a spammer's disrespect for potential customers. And I particularly like the tag line that many spam messages include these days: "This message is not spam." Well, golly, I guess that settles it: No spam here. Think of that disclaimer as the email version of Richard Nixon's famous "I am not a crook" answer: More fraud—perhaps actionable fraud?

Spam also puts objectionable material in my inbox. Not only do I get email messages offering links to Web sites featuring women in compromising positions with lower species as well as offers to enlarge my body parts, I'm now starting to receive HTML-formatted emails that include images of explicit sexual content. If I had a 12-year-old child who started receiving that kind of email, I certainly wouldn't be happy. And what if I worked in an office and such a message—image and all—popped up on my screen as a coworker walked by? Some firms would let that employee file sexual harassment charges against me. What would I do—file charges against the poor fool who administers the company's mail servers? Or could I sue the spammer for the damage that such an occurrence would do to my career? Let's see, if the 10,000 of us who received this spammer's junk filed a class-action law suit, we might be able to bankrupt him or her. (Collecting would be a bit more difficult, I suspect.)

Finally, unwanted email consumes my resources or my company's resources (e.g., hard disk space, bandwidth, the time to delete such mail), and although in 2002 that concern is a relatively minor point, I can imagine a day in the not-too-distant future when everyone receives 500 junk emails a day filled with HTML text, image, and perhaps even audiovisual content. At some point, excessive amounts of email start looking less like an annoyance and more like a Denial of Service (DoS) attack. What's the answer in that case?

Some readers suggested that one solution is to shift the cost burden. Currently, the cost to spam someone is small or, if the spammer hijacks your email server through an open relay, zero. But if sending each piece of mail costs the sender, we could curtail indiscriminate spamming by one of the best regulatory mechanisms available—the free market. However, who would collect the money? I already pay a lot of money for my Internet connection, and I run my own mail servers; I don't want to hear that I also have to pay an email tax.

In the final analysis, I think the best way to end spam is to force spammers to reveal themselves, to provide a viable return mail address, and to honor mail list removal requests. Now we simply need to get every country to pass such a law. Sigh...